[Git][security-tracker-team/security-tracker][master] openjdk-17,cinder,nova,glance DSAs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Feb 1 18:24:28 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ddfadbc4 by Moritz Mühlenhoff at 2023-02-01T19:23:47+01:00
openjdk-17,cinder,nova,glance DSAs
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -36094,7 +36094,6 @@ CVE-2022-39399 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
- openjdk-11 11.0.17+8-1
[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
- openjdk-17 17.0.5+8-1
- [bullseye] - openjdk-17 <postponed> (Minor issue, fix along with next CPU)
CVE-2022-39398 (tasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2 ...)
NOT-FOR-US: GLPI plugin
CVE-2022-39397 (aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of thi ...)
@@ -95440,7 +95439,6 @@ CVE-2022-21628 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
- openjdk-11 11.0.17+8-1
[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
- openjdk-17 17.0.5+8-1
- [bullseye] - openjdk-17 <postponed> (Minor issue, fix along with next CPU)
CVE-2022-21627 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.40-dfsg-1
NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR
@@ -95457,7 +95455,6 @@ CVE-2022-21624 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
- openjdk-11 11.0.17+8-1
[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
- openjdk-17 17.0.5+8-1
- [bullseye] - openjdk-17 <postponed> (Minor issue, fix along with next CPU)
CVE-2022-21623 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
NOT-FOR-US: Oracle
CVE-2022-21622 (Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middlew ...)
@@ -95474,10 +95471,8 @@ CVE-2022-21619 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise E
- openjdk-11 11.0.17+8-1
[buster] - openjdk-11 <postponed> (Minor issue, fix along with next CPU)
- openjdk-17 17.0.5+8-1
- [bullseye] - openjdk-17 <postponed> (Minor issue, fix along with next CPU)
CVE-2022-21618 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
- openjdk-17 17.0.5+8-1
- [bullseye] - openjdk-17 <postponed> (Minor issue, fix along with next CPU)
CVE-2022-21617 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.31-1 (bug #1024016)
CVE-2022-21616 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,15 @@
+[01 Feb 2023] DSA-5338-1 cinder - security update
+ {CVE-2022-47951}
+ [bullseye] - cinder 2:17.0.1-1+deb11u1
+[01 Feb 2023] DSA-5337-1 nova - security update
+ {CVE-2022-47951}
+ [bullseye] - nova 2:22.0.1-2+deb11u1
+[01 Feb 2023] DSA-5336-1 glance - security update
+ {CVE-2022-47951}
+ [bullseye] - glance 2:21.0.0-2+deb11u1
+[01 Feb 2023] DSA-5335-1 openjdk-17 - security update
+ {CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21628 CVE-2022-39399 CVE-2023-21835 CVE-2023-21843}
+ [bullseye] - openjdk-17 17.0.6+10-1~deb11u1
[29 Jan 2023] DSA-5334-1 varnish - security update
{CVE-2022-45060}
[bullseye] - varnish 6.5.1-1+deb11u3
=====================================
data/dsa-needed.txt
=====================================
@@ -11,13 +11,9 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source package.
---
-cinder (jmm)
--
frr
--
-glance (jmm)
---
jupyter-core
Maintainer asked for availability to prepare updates
--
@@ -32,13 +28,9 @@ linux (carnil)
netatalk
open regression with MacOS, tentative patch not yet merged upstream
--
-nova (jmm)
---
multipath-tools
Tobias Frost proposed a potential update to be reviewed, maintainer asked to review changes
--
-openjdk-17 (jmm)
---
php-cas
--
php-horde-mime-viewer
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddfadbc4d1151cea776fa042f10f8e02f9d429ea
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ddfadbc4d1151cea776fa042f10f8e02f9d429ea
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230201/f7d0ca24/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list